Why Did the University of California San Francisco Pay Hackers $1.4 Million in Bitcoin?

The University of California, San Francisco (UCSF), has recently paid criminal hackers $1.14 million to resolve a ransomware attack. The university reportedly paid the amount in 116.4 Bitcoins worth over $1 million.  

The Netwalker ransomware gang is believed to be responsible for the attack. Initially, the group demanded a $3 million ransom, but UCSF had asked them to accept a sum of $780,000. Eventually, after the negotiations were completed, the university paid out $1,140,895 in Bitcoin.

The university was left with ‘no good options’

The hackers launched malware that affected “a limited number of servers” within the medical school at the University of California, making data temporarily inaccessible. While researchers at the university's medical school are among those leading COVID-19-related antibody testing, the attack did not impede their coronavirus work, the university said. The institution revealed that it is working with a team of cybersecurity experts to restore the affected servers “soon.”

The university stated that the encrypted data was vital to some of the academic work that the institution pursues in serving the broader public interest. According to the report, the university stated: “We, therefore, made the difficult decision to pay some portion of the ransom.”

The cyberattack was detected as recently as June 1, and the university stated that the malicious actors were stopped during the attack. The hackers used malware known as Netwalker to access and gain control of the university’s data. The incident prompted the UCSF medical staff officials to engage in ransomware negotiations that eventually ended in payment.

In exchange, UCSF said it obtained copies of the stolen documents as well as a key to restore access to the files. The university, however, refused to say what was in the files, which were worth more than $1 million. It did not believe that medical records were exposed. The incident also did not affect COVID-19 work or patient care delivery operations.

The university stated that it continues working together with law enforcement authorities to investigate the matter. Earlier this month, Netwalker also attacked Michigan State University, but the university declined to pay a ransom.  

Why are crypto exchanges and major institutions hacked so often?

Hackers have stolen hundreds of millions of dollars' worth of cryptocurrencies in recent years. This problem is unlikely to go away anytime soon, and fear about security has hit crypto prices this year. Hackers are expected to continue targeting crypto exchanges and big institutions. The rewards are high, as crypto exchanges and big organizations hold huge amounts of money but have not yet implemented proper security.

Ransomware Attack Directed Towards University of California Generated 118 Bitcoin

The University of California, San Francisco’s plans to further COVID-19 vaccine research were disrupted by a ransomware attack on the school’s servers. 

Ransomware Operation Hits US, Seeks $3 Million 

School files, transcripts, employee, and student-related data were reported to have been stolen during the hack. The University of California, San Francisco (UCSF) was working on a vaccine for COVID-19 when several of its school servers were shut down and locked by hackers.  

The ransomware group responsible for the network freeze appears to be Netwalker, a hacking ring that has been fairly active since last fall. The hacking operation demanded a ransom of $3 million in exchange for releasing the digital keys and set a deadline of “2 days, 23 hours, and 0 minutes” for the transfer of digital assets. It also appointed a representative whose purpose was to coordinate all negotiations and discussions with UCSF. The hackers’ spokesperson was dubbed “Operator.”

Negotiations to Drive Down Ransom  

Though UCSF has not been able to confirm the origin of the attackers, the messages that were exchanged between the university’s negotiator and Operator were riddled with grammatical tics that are commonly observed among native Russian speakers. One thing that seemed like a fair bet was that the hackers were not in US jurisdiction at the time of the act. 

Though the FBI usually handles ransomware attacks on US soil, UCSF took matters into its own hands in this case. The UCSF negotiator demanded that Operator give the university a bit more time to come up with the sum that they demanded. The negotiator also pushed for a lower price, appealing to Operator’s emotions and stating that due to the ongoing COVID-19 research that the university was engaged in, it had nowhere near the funds that Operator demanded.

The exchange took approximately six days, with ransom demands fluctuating from $390k to $780k and so on. The UCSF negotiator relentlessly attempted to drive down the ransom price, to no avail. Finally, resorting to empathy, the negotiator said to Operator, as disclosed by Bloomberg, “I haven’t slept in a couple of days because I’m trying to figure this out for you. I am being viewed as a failure by everyone here and this is all my fault this is happening.”

Whether or not this was a strategy employed by the negotiator, it somehow worked, as Operator responded, “My friend, your team needs to understand this is not your failure. Every device on the internet is vulnerable.” 

BTC Funds for Netwalker 

The negotiator and Operator finally agreed on a price of $1.14 million. This translates to approximately 118 Bitcoin at the time of writing. The university representative then demanded a few days to gather the digital assets. Under the deal that was struck, the Netwalker ransomware group would transfer all the data it stole from the university’s network to UCSF in exchange for the funds. The attackers also had to provide evidence that they had deleted the copies from their own servers, a task that required attentive decryption.

UCSF was able to link the hackers to Netwalker through the cybercriminals’ dark web blog. The Netwalker hacking operation also possessed its own malware, available for lease to any future attackers. In March, they also posted a dark web ad to recruit new hackers to their team. The posting read: “Russian-speaking network intruders—not spammers—with a preference for immediate, consistent work.”

Final Deal Struck Between UCSF & Operator 

Through down-to-earth conversation, an appeal to empathy and compliments (a common negotiation strategy that seasoned negotiators stand by), the UCSF negotiator was able to strike a deal to recover at least 20 gigabytes of stolen files that the attackers had taken from the university network. This translated to encrypted data from at least seven university servers.

Japanese University Leverages Blockchain to Protect Servers

Ransomware attacks appear to be on the rise, especially during the pandemic.

Companies are certainly not the only ones concerned with cyber attacks. In fact, schools have also been increasingly targeted for encrypted data and transcript forgery. Recently, Japan came up with a system called CloudClerts that leveraged blockchain technology to provide universities with a more secure way of distributing academic transcripts and expected graduation diplomas. Blockchain is increasingly perceived by many firms and institutions as a way to combat digital counterfeits and conduct business more efficiently.

University of Utah Paid Out $450k to Ransomware Gang to Prevent Student Data Leak

The University of Utah paid a hefty sum of $457,059.24 to a ransomware gang to prevent compromised student data from being leaked online.

The hush payment amounted to $457,059.24. According to the University of Utah, computing servers in the College of Social and Behavioral Science (CSBS) experienced a criminal ransomware attack on July 19, 2020, which rendered its servers temporarily inaccessible.

The university also confirmed that about .02% of the data on its servers was hijacked by the ransomware group. The hackers claimed that the data accessed was within the CSBS and not central. As a preliminary response, law enforcement agents were notified. Together with the university’s Information Security Office (ISO) and an external cybersecurity firm, an investigation was launched, and locally managed IT services and systems were restored from backup copies.

With the CSBS servers fully back online, the university said its servers still had vulnerabilities and were prone to further attacks. The university announcement read:

“Despite these processes, the university still has vulnerabilities because of its decentralized nature and complex computing needs. This incident helped identify a specific weakness in a college, and that vulnerability has been fixed. The university is working to move all college systems with private and restricted data to central services to provide a more secure and protected environment.”

To be on the safe side, the university advised students and staff to use strong passwords as well as two-factor authentication in the meantime.

Universities Becoming Easy Targets for Ransomware Groups

Ransomware gangs are hitting universities more and more, as they appear to have been easy prey in recent times. Blockchain.News had previously reported that the University of California, San Francisco (UCSF), had paid criminal hackers from the Netwalker ransomware gang a sum of $1.14 million to resolve a ransomware attack.

While the ransomware attack on The University of Utah involved a single server from the CSBS, the attack on the University of California, San Francisco affected “a limited number of servers” within the medical school, making data temporarily inaccessible.

The University of Michigan also suffered similar attacks from the Netwalker gang but allegedly refused to pay any ransom. With ransomware gangs mostly demanding payments in Bitcoin (BTC), no arrests have yet been made with respect to these three mentioned attacks.
